<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=utf-8">
<META NAME="Generator" CONTENT="MS Exchange Server version 6.5.7651.59">
<TITLE>Re: [Seaside] spooky seaside</TITLE>
</HEAD>
<BODY>
<!-- Converted from text/plain format -->
<P><FONT SIZE=2>Also, look at trimForDeployment and isDeployed,<BR>
<BR>
Cheers!<BR>
<BR>
-Boris<BR>
(Sent from a BlackBerry)<BR>
<BR>
----- Original Message -----<BR>
From: seaside-bounces@lists.squeakfoundation.org &lt;seaside-bounces@lists.squeakfoundation.org&gt;<BR>
To: Seaside - general discussion &lt;seaside@lists.squeakfoundation.org&gt;<BR>
Sent: Wed May 02 07:01:08 2007<BR>
Subject: Re: [Seaside] spooky seaside<BR>
<BR>
On Wed, 2007-05-02 at 00:55 -0700, Avi Bryant wrote:<BR>
> On 5/2/07, Norbert Hartl &lt;norbert@hartl.name&gt; wrote:<BR>
> > Hi,<BR>
> ><BR>
> > yesterday I showed a colleague our webapp. He wondered<BR>
> > about the "strange" URLs. The next thing he was starting<BR>
> > to notice that the _k parameter has something linear in<BR>
> > it. So he played around entering URLs derived from the<BR>
> > URLs he got from a loaded page. After 4 attempts he got<BR>
> > the WADispatcherEditor. I was shocked.<BR>
><BR>
> Are you sure he actually hit upon a valid _k value? There are lots of<BR>
> ways that an invalid one would have brought you by default to a<BR>
> WADispatcherEditor. For example, if the session key were valid, and<BR>
> that was the last page you had seen. Or, if he modified the URL to<BR>
> include /config, where WADispatcherEditor is the root component.<BR>
><BR>
Yes, I had the page open on my laptop. He couldn't get a /config<BR>
into the path as the requests are rewritten by apache. I'm not<BR>
sure he hit an actual _k value (how could I know?).<BR>
<BR>
> The _k values are WAExternalIDs, which are 64 bit random numbers,<BR>
> generated by the standard Random class. In Squeak that's apparently a<BR>
> Park-Miller generator.<BR>
><BR>
> The chances of hitting upon a real _k value should be astronomically<BR>
> low. You would also need to guess the right corresponding _s, which<BR>
> means you're searching through a 128bit space. On Squeak I've<BR>
> certainly never spotted anything linear in the values, although maybe<BR>
> your friend has an eye for it which I don't.<BR>
><BR>
I was unclear. He just tweaked the last parameter (the &number)<BR>
> ><BR>
> > But the _k parameter he used was<BR>
> > completely different to that I had on the Dispatcher Editor.<BR>
> ><BR>
> > So I'd like to know a few things:<BR>
> ><BR>
> > - how are the _s and _k parameters built? Is it possible to<BR>
> > get the same page (stack pointer) with two different<BR>
> > _k parameters?<BR>
><BR>
> Well, sort of. There's a _k for the callback actions, which then<BR>
> immediately gets redirected to a new _k for rendering the page.<BR>
> Either of those will basically get you to the same place. But more to<BR>
> the point, as I mentioned above, if the _k is totally wrong you'll get<BR>
> taken to a default location, which could well have been the<BR>
> WADispatcherEditor.<BR>
><BR>
OK, I'll check that.<BR>
<BR>
> > - What is the best way to remove WADispatcherEditor. When<BR>
> > I remove it it still has references and stays as AnObsolete.<BR>
><BR>
> You don't need to remove the class, just get rid of the config app.<BR>
> You should be able to do that from within /config itself.<BR>
><BR>
Yes, I found that myself. I now use:<BR>
<BR>
d := (WADispatcher default) .<BR>
d entryPoints keys do: [<BR>
:each|<BR>
(each = 'myapp') ifFalse: [<BR>
d unregister: (d entryPointAt: each)<BR>
]<BR>
]<BR>
<BR>
Thanks<BR>
<BR>
Norbert<BR>
<BR>
_______________________________________________<BR>
Seaside mailing list<BR>
Seaside@lists.squeakfoundation.org<BR>
<A HREF="http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside">http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside</A><BR>
</FONT>
</P>
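<P>Added example, not part of the original thread and not Seaside's code: the thread describes 64-bit keys drawn from a Park-Miller generator, and this sketch shows how to audit such keys for repeats next to keys taken from the operating system's CSPRNG. The way three draws are packed into 64 bits (lcg_id64) and the sample sizes are assumptions made for illustration. A Park-Miller generator has only 2^31 - 2 states, so an ID computed from it carries at most about 31 bits of entropy whatever its width.</P>

```python
import math
import random
import secrets

M = 2**31 - 1  # Park-Miller modulus (a Mersenne prime)
A = 16807      # Park-Miller "minimal standard" multiplier

def step(state):
    """Advance the Park-Miller generator once; state stays in 1..M-1."""
    return (A * state) % M

def lcg_id64(state):
    """Hypothetical 64-bit ID packed from three consecutive draws.
    Assumption for illustration only; not Seaside's WAExternalID code."""
    x1 = step(state)
    x2 = step(x1)
    x3 = step(x2)
    return ((x1 << 62) | (x2 << 31) | x3) & (2**64 - 1)

def csprng_id64():
    """64-bit ID taken from the operating system's CSPRNG."""
    return secrets.randbits(64)

def keyspace_bits():
    """Upper bound on ID entropy: at most one ID per generator state."""
    return math.log2(M - 1)

def count_collisions(ids):
    """Number of IDs in the sample that repeat an earlier one."""
    ids = list(ids)
    return len(ids) - len(set(ids))

def birthday_audit(n=300_000, seed=2007):
    """Draw n IDs each way and count repeats (constructed sample)."""
    rng = random.Random(seed)  # only picks the unknown starting states
    lcg = count_collisions(lcg_id64(rng.randrange(1, M)) for _ in range(n))
    strong = count_collisions(csprng_id64() for _ in range(n))
    return lcg, strong

if __name__ == "__main__":
    lcg, strong = birthday_audit()
    print(f"generator states bound the ID to {keyspace_bits():.1f} bits")
    print(f"repeats in 300000 IDs: Park-Miller {lcg}, CSPRNG {strong}")
```

<P>The same count_collisions check can be run over session keys collected from a test instance; repeats in a sample this small mean the key source has far less entropy than the key width suggests.</P>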
</BODY>
</HTML>